Policy Owner: CEO
Effective Date: 2024-06-24
This Information Security Policy has been established to protect the confidentiality, integrity, and availability of Invopop's information assets. It complies with the ISO/IEC 27001 standard and applies to all employees, contractors, and third-party users who access or use the information assets of Invopop.
This policy aims to protect information assets from all threats, whether internal or external, deliberate or accidental. It also aims to ensure compliance with all applicable laws, regulations, and contractual obligations.
The policy establishes a framework for setting, reviewing, and achieving information security objectives. It defines the responsibilities of employees, contractors, and third-party users in protecting Invopop's information assets.
Additionally, the policy aims to promote awareness, educate employees, and guide decision-making processes related to information security within the organization.
Invopop, a company dedicated to developing software to help global companies issue locally compliant invoices, has decided to introduce an Information Security Management System based on ISO27001:2022 certification to improve the services provided to its clients.
This policy applies to all information assets owned, leased, handled, or otherwise controlled by Invopop, including information stored on physical or electronic media, information transmitted over networks or through any communication channels, and information processed or handled by employees, contractors, or third-party users.
The primary objectives of this policy are to protect the confidentiality of information to prevent unauthorized disclosure, ensure the integrity of information to prevent unauthorized modification, and ensure the availability of information to authorized users when needed.
Additionally, the policy seeks to ensure compliance with applicable laws, regulations, and contractual obligations while continuously improving the information security management system (ISMS).
Invopop Management is responsible for providing leadership and commitment to information security. They ensure adequate resources are available to implement and maintain the information security management system and review and approve information security policies and procedures.
The Information Security Management System Responsible (ISMS Responsible) is responsible for developing, implementing, and maintaining the information security management system. This includes conducting risk assessments, implementing appropriate controls, and reporting on the effectiveness of the information security management system to senior management.
Employees, contractors, and third-party users are responsible for complying with this policy and all related information security procedures. They must report any suspected information security incidents or vulnerabilities to the ISMS Responsible and participate in information security training and awareness programs.
Aligned with our commitment to safeguarding information assets and maintaining the integrity of our operations, we have established a comprehensive set of security measures. These measures encompass a range of strategies and technologies to protect our systems, data, and resources from potential threats and ensure the confidentiality, integrity, and availability of information critical to our business.